DETAILED ACTION

1. Presently, pending claims are 1 - 40.

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set forth in
37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible 
for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has 
been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 
CFR 1.114. Applicant's submission filed on 10/5/2007 has been entered. 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly
claiming the subject matter which the applicant regards as his invention. 

3. Claims 1 and 14 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 1 and 14 are indefinite because the claim language "determining, based on said 
user input and not on execution environment selection input, whether said user input is intended 
for said secured execution environment" is considered to be unclear in the context and scope of 
its meaning about what exactly to constitute "based on said user input and not on execution
environment selection input". Examiner notes according to the disclosure of the specification,
the subject matter of inventions indicates: "determining whether the user input is intended for
nexus (i.e. a guest operating system)" (SPEC: Page 14 / Para [0048]) - Therefore, Examiner
notes the determination is indeed based on the user input on a selection of execution
environment with nexus (i.e. a guest operating system) instead of host operating system.

Any other claims not addressed are rejected by virtue of their dependency should also 
be corrected. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that forms the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1, 5, 7, 14, 18, 20, 27, 31 and 33 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Griffin et al. (U.S. Patent 7,159,210). 

As per claim 1, 14 and 27, Griffin teaches a method for providing a secure user interface
to a secured execution environment on a system comprising said secured execution
environment and a second execution environment (Griffin: Abstract), comprising:

accepting user input intended for either said secured execution environment or said
second execution environment from a user input device (Griffin: Figure 2 / Element 211, Column
3 Line 8-11 and Column 5 Line 33 - 60: (a) either a host operating system or a guest
operating system is provided depends on the level of security concerns (b) an application /
process is also considered as a user entity because any application must be initially activated
by a user);

determining, based on said user input and not on execution environment selection input,
whether said user input is intended for said secured execution environment (Griffin: Column 5
Line 33 - 60: Also see 112-2nd rejection).

if said user input is not intended for said secured execution environment, transferring 
said user input to said second execution environment (Griffin: Column 5 Line 33 - 60). 

As per claim 5, 18 and 31, Griffin teaches if said user input is intended for said secured
execution environment, determining a specific destination entity in said secured execution 
environment for said user input; and transferring said user input to said specific destination 
entity (Griffin: Column 5 Line 33 - 60). 

As per claim 7, 20 and 33, Griffin teaches interpreting said user input (Griffin: Column 3 
Line 10-19). 

5. Claims 11 - 13, 24 - 26 and 37 - 40 are rejected under 35 U.S.C. 102(b) as being
anticipated by Boebert et al. (U.S. Patent 5,822,435). 

As per claim 11, 24 and 37, Boebert teaches a method for providing a secure user
interface to a secured execution environment on a system (Boebert : Figure 4) comprising said
secured execution environment and a second execution environment (Boebert : Figure 2 /
Element 63 & 69 and Column 4 Line 51 - 53), comprising:

accepting output from a specific source entity within said secured execution environment
and not within said second execution environment (Boebert : Column 8 Line 45 - 50: (a) a
trusted path mode is considered as a secured execution environment (b) the video RAM as the
source of the output is qualified as "an output of a specific source entity within said secured
execution environment" to meet the claim language because the video RAM is used only in
trusted path mode and not in normal mode); and

securely transferring said output to an output device (Boebert : Column 8 Line 57 - 63 
and Column 9 Line 53 - 65: (a) in a secure mode, an output is transferred and stored in to a 
video RAM, which is not used in a normal mode and outputted to a trusted window and (b) 
display the data on a trusted window, as taught by Boebert, can be considered as securely 
transferring the output to an output device). 

As per claim 12, 25 and 38, Boebert teaches encrypting said data portion of said output
(Boebert : Column 3 Line 26 - 28: data transferred from an output device is encrypted first).

As per claim 13, 26, and 39, Boebert teaches transferring said output to a curtained 
memory (Boebert : Column 8 Line 57 - 63: a curtained memory is interpreted as a protected 
memory area. In a secure mode, an output is transferred and stored in to a video RAM, which 
is not used in a normal mode and outputted to a trusted window). 

As per claim 40, Boebert teaches a trusted rendering interface providing rendering said 
output from said specific source entity (Boebert : Column 8 Line 48 - 63: a trusted video 
manager and a trusted window for a specific user screen display); and where said secure 
transfer is a transfer of said rendered output (Boebert : Column 8 Line 57 - 63: a curtained 
memory is interpreted as a protected memory area. In a secure mode, an output is transferred
and stored in to a video RAM, which is not used in a normal mode and outputted to a trusted 
window). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 2 - 4, 6 - 10, 15 - 17, 19, 21 - 23, 28 - 30, 32 and 34 - 36 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Griffin et al. (U.S. Patent 7,159,210), in view of
Boebert et al. (U.S. Patent 5,822,435).

As per claim 2, 15 and 28, Griffin does not disclose expressly said step of accepting user 
input from a user input device comprises decrypting said user input. 

Boebert teaches said step of accepting user input from a user input device comprises 
decrypting said user input (Boebert : Column 3 Line 26 - 30). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Boebert within the system of Griffin because (a) 
Griffin teaches performing secured and non-secured computing operation in a compartmented 
operating environments (Griffin: Abstract), and (b) Boebert teaches ensuring of a secured
protection mechanism when data transferred from the input / output devices over a secured and
non-secured operation environments (Boebert: Abstract). 

As per claim 3, 16 and 29, Griffin does not disclose expressly establishing a secure 
communications channel with said user input. 

Boebert teaches establishing a secure communications channel with said user input 
(Boebert : Column 3 Line 26 - 30: the user input is encrypted first). See the same rationale of 
combination applied herein as above in rejecting the claim 2.

As per claim 4, 17 and 30, Griffin does not disclose expressly establishing a secure 
communications channel with said user input. 

Boebert teaches verifying said user input (Boebert : Column 6 Line 26 - 29). encrypted 
first). See the same rationale of combination applied herein as above in rejecting the claim 2. 

As per claim 6, 19, Griffin does not disclose expressly providing window management 
functionality for managing at least one graphical user interface element owned by said specific 
destination entity. 

Boebert teaches providing window management functionality for managing at least one 
graphical user interface element owned by said specific destination entity (Boebert : Column 6 
Line 53 - 59 and Column 8 Line 57 - 63); and determining that said user input relates to said 
graphical user interface element (Boebert : Column 8 Line 60 - 63 and Figure 6 /
Element 82). encrypted first). See the same rationale of combination applied herein as above 
in rejecting the claim 2. 

As per claim 8, 21 and 34, Griffin does not disclose expressly accepting output from a
specific source entity in said secured execution environment. 

Boebert teaches accepting output from a specific source entity in said secured execution 
environment (Boebert : Column 8 Line 45 - 50: a trusted path mode is considered as a secured 
execution environment); and securely transferring said output to an output device (Boebert : 
Column 8 Line 57 - 63: in a secure mode, an output is transferred and stored in to a video 
RAM, which is not used in a normal mode and outputted to a trusted window), encrypted first). 
See the same rationale of combination applied herein as above in rejecting the claim 2. 

As per claim 9, 22 and 35, Griffin as modified teaches encrypting said data portion of 
said output (Boebert : Column 3 Line 26 - 28: data transferred from an output device is
encrypted first). 

As per claim 10, 23 and 36, Griffin as modified teaches transferring said output to a 
curtained memory (Boebert : Column 8 Line 57 - 63: a curtained memory is interpreted as a 
protected memory area. In a secure mode, an output is transferred and stored in to a video 
RAM, which is not used in a normal mode and outputted to a trusted window). 

As per claim 32, Griffin does not disclose expressly a trusted window manager that 
provides window management functionality for managing at least one graphical user interface 
element owned by said specific destination entity. 

Boebert teaches a trusted window manager that provides window management 
functionality for managing at least one graphical user interface element owned by said specific 
destination entity (Boebert : Column 6 Line 53 - 59 and Column 8 Line 57 - 63 & Figure 6 / 
Element 82: a trusted window is owned by a specific destination entity); and where said trusted
input manager determines that said user input relates to said graphical user interface element
(Boebert : Column 6 Line 26 - 26 / Line 44 - 59 and Column 8 Line 57 - 63 & Figure 6 /
Element 82). encrypted first). See the same rationale of combination applied herein as above
in rejecting the claim 2.



Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Longbit Chai whose telephone number is 571-272-3788. The examiner 
can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Longbit Chai 
Patent Examiner 
Art Unit 2131 
10/23/2007 



